important
This is a contributors guide and NOT a user guide. Please visit these docs if you are using or evaluating SuperTokens.
Optional session verification should re-throw TRY_REFRESH_TOKEN errors
Status
This is just a proposal so far, it hasn't been accepted and needs further discussion.
- Status:
- proposed
- Deciders:
- rishabhpoddar, porcellus
- Proposed by:
- porcellus
- Created:
- 2022-11-24
#
Context and Problem StatementWe want devs to be able to be able to specifically allow/disallow a token transfer method in verifySession
and refreshSession
. E.g.: A web only application wants to only ever want to use cookie based sessions (and httpOnly cookies), so they want to disable header based sessions.
#
Considered Options- Re-use
getTokenTransferMethod
- Add a new
allowTokenTransferMethod
#
Decision OutcomeRe-use getTokenTransferMethod
. Reasons:
- Single function override if someone wants to only allow/use a single token transfer method